package eiisan.config.security.error;

import eiisan.util.http.ServletUtil;
import eiisan.util.model.response.Result;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 无权限访问控制
 */
@Component
public class AccessDenied implements AccessDeniedHandler {

	/**
	 * 权限不足，或没有权限的访问 返回 403, "Forbidden"
	 * 如果捕获到的是 AuthenticationException,那么将会使用其对应的AuthenticationEntryPoint的 commence()处理.<br>
	 * 如果捕获的异常是一个AccessDeniedException,那么将视当前访问的用户是否已经登录认证做不同的处理.<br>
	 * 如果未登录,则会使用关联的AuthenticationEntryPoint的commence()方法进行处理.<br>
	 * 否则将使用关联的AccessDeniedHandler的handle()方法进行处理.
	 */
	@Override
	public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException accessDeniedException) throws IOException, ServletException {
		ServletUtil.writeJson(response, Result.noAccess());
	}

}
